The Federal Court recently underscored the importance of compliance with the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) in a decision that applies only to federal works and undertakings subject to the Act.

The assessment of a corporation’s cyber risks is part of a board of directors’ general risk oversight responsibilities. Since lawsuits, including class actions, are often commenced soon after a data breach, directors and officers should now consider that the board’s oversight of cyber risks may also be closely and thoroughly scrutinized in future litigation and […]

The malevolently-inclined are getting more ambitious (a 2014 study by the Ponemon Institute that evaluated security-breach costs in the retail sector suggests that average size of a breach is about 30,000 records) and more damaging (average loss is now about $105 per stolen record). The same study estimated that the average cost of a cyber-crime for the retailer is about $3.15-million. These are average numbers only: recent large-scale retail breaches have involved records in the millions, with costs similarly increased. Although the article was written before the holidays, the tips provided are still very useful to manage the risk of security breaches.

The two most common sources of breaches are unintended disclosure—like misdirected emails and faxes, which account for 31 percent—and the physical loss of paper records, accounting for 24 percent. That’s according to a new analysis of more than 1,500 data breaches in 2013 and 2014.

Not long ago, cybersecurity was a term rarely, if ever, heard in the boardroom. Rather, information security was deemed to be a risk managed solely by the chief information or technology officer. Those days are gone. With the litany of high profile cybersecurity hacks—and the potential resulting drop in shareholder value, regulatory inquiries and litigations which inevitably follow—cybersecurity has become an increasingly challenging risk that boards must address.

Much has been written about Heartbleed and the speed at which various companies have reacted to it. Notably, the Canada Revenue Agency (CRA) closed their online portal for some time and lost hundreds of Social Insurance Numbers. It was also revealed that the NSA has been using the bug for over two years to get […]

Cybersecurity: the word conjures up images of software engineers in lab coats feverishly analyzing cryptographic code in an effort to thwart an attack from a country somewhere on the other side of the globe. Seemingly daily reports of major data breaches are now coupled with warnings about a cybersecurity “talent gap,” meaning that there is […]

A growing number of companies are investing in cyber risks insurance, which offers a degree of protection against the consequences of cyberattacks such as hacking, business disruptions and digital data breaches. Organizations are increasingly buying insurance to protect against losses from computer breaches.